Below the surface of the quickly developing concern about COVID-19, and the implementation of essential physical protective measures to prevent its further spread, lurk additional threats to your business, patient, and personal information. Unfortunately, bad actors have launched various scams that take advantage of people who are searching for up-to-date information about COVID-19, who are worried or scared about the present situation, or who are looking to help by donating to charities in this time of supply shortages.
It is best to limit your information to trusted sources like the Centers for Disease Control and Prevention, your state and local health departments, or those who reference and rely on those sources in reports. The Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security, has issued an advisory with the reminder that, “phishing attacks often use a combination of email and bogus websites to trick victims into revealing sensitive information. Disinformation campaigns can spread discord, manipulate the public conversation, influence policy development, or disrupt markets.” Intentional sources of misinformation usually look genuine and credible at first glance. Just as you do in your daily routine with phishing and other social engineering scams, be aware of the signs of some of the latest scams focused on COVID-19.
Traditional phishing email scams offering screening tests or soliciting charitable donations have infected computer systems and stolen financial information from individuals and businesses alike.
Late last week, several fake maps depicting areas impacted by COVID-19 were detected. When a user clicks on one of these maps to take a closer look, malware is downloaded to the user’s computer that captures personal information such as usernames and passwords.
Today, March 16, 2020, the U.S. Department of Health and Human Services experienced a cyberattack from an unknown attacker who tried to disable its servers with an overload of hits or visits.
The National Security Council posted a message on Twitter Sunday, March 15, 2020, warning against “fake” text messages.
Here are a few things to help us stay protected:
- Be suspicious of links in emails, text messages, social media posts, and email attachments. Hover your mouse arrow over a link before clicking to see the real website address. Avoid clicking on shortened website addresses like http://tinyurl.com/website
- Do not provide usernames, passwords, or financial information to anyone unless you have verified their identity or you initiated the contact. For example, the IRS will not email or call you for your SSN; they communicate via the USPS. Your bank will not email or call you for your account password or PIN.
- Visit trusted websites for current information on COVID-19 and related issues: cdc.gov, www.naccho.org, and www.cisa.gov
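The hover check from the list above can also be done in bulk on an HTML message body. The following is an added example, not part of the original article: it compares each link's visible text with its real destination, flags shortened addresses, and checks the destination against the three trusted sites listed above. The shortener list, the sample message, and the `example.net` domain are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"cdc.gov", "naccho.org", "cisa.gov"}   # sites the article lists
SHORTENERS = {"tinyurl.com", "bit.ly", "t.co"}    # assumed, not exhaustive
# Constructed sample message body; example.net is a placeholder domain.
SAMPLE = ('<a href="http://tinyurl.com/website">Live COVID-19 map</a> '
          '<a href="http://cdc.gov.example.net/login">www.cdc.gov</a> '
          '<a href="https://www.cdc.gov/coronavirus">cdc.gov</a>')

def host_of(url):
    """Lower-cased hostname without a leading 'www.', or '' if none."""
    url = url if "://" in url else "http://" + url
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # Store (visible text, real destination) for the finished link.
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(html):
    """Return {href: [warnings]} for each link in an HTML message body."""
    collector = LinkCollector()
    collector.feed(html)
    report = {}
    for text, href in collector.links:
        host, flags = host_of(href), []
        if host in SHORTENERS:
            flags.append("shortened")
        # Only compare when the visible text itself looks like an address.
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != host:
            flags.append("text-mismatch")
        # Exact match or true subdomain; "cdc.gov.example.net" does not pass.
        if not any(host == t or host.endswith("." + t) for t in TRUSTED):
            flags.append("untrusted")
        report[href] = flags
    return report
```

Calling `audit(SAMPLE)` returns an empty warning list only for the genuine cdc.gov link; the look-alike host that merely begins with `cdc.gov` is flagged on both the text comparison and the trusted-site check.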
Stress levels are high, and it can be easier than usual to get distracted while keeping up with increased personal and professional activity and the high volume of information coming from so many angles. Let’s help each other stay a little safer by thinking before we click and remembering our trusted sources.
Our Author: Abby Mitchell CHPC, HCISPP, CRISC, CCMP, CHC
TMC Senior Compliance Specialist
Abby started her career at a law firm in Cleveland, Ohio. There, she worked on corporate governance, mergers and acquisitions, and securities. After holding a position at GOJO Industries, the inventors of PURELL®, she joined MemberHealth in 2006, which became the third-largest Medicare Part D plan nationwide. That company was acquired by CVS Caremark, and she left in 2010 to pursue a position in the mining and metals industry as contracts management support to the international strategic sourcing group at Cleveland-Cliffs. In 2014, she joined CoverMyMeds as the manager of contract administration and legal operations and went on to become the privacy officer and data governance liaison. Abby earned a bachelor’s degree in German translation and paralegal studies from Kent State University and holds several professional certifications in health care privacy, compliance, and information security.